OAM Password Policies - Oracle Trainings for Apps & Fusion DBA

OAM Password Policies

This post outlines the password policies, user challenges in Oracle Access Manager that are possible OOTB.

Lost Password Policy: Lost Password Policy creation is used to challenge the user with registered questions at first login and followed by reset password.

Password Policy: Password Policy is used for specifying the Password Specifications (if any), Password validity period, Password History etc.,

The Change on Reset option enables user to change their password at their first login.

The following steps describe the usage of password reset, lost password management.

1. New User gets created in OAM without registering challenge questions.

2. New user attempts to login to OAM console.

3. OAM forces the user to change their password. Upon changing, user will have to register their challenge questions (either user defined or system defined).

4. Upon successful password reset and questions registration, user will be shown the OAM console.

5. User forgets their password and clicks Loss Password button.

6. User will be challenged with registered questions. After answering the questions correctly, user will be prompted to change their password.

7. User logs in to OAM console successfully and attempts to reset password.

8. User navigates to My Profile, clicks on Modify and enters the existing and new passwords.

Contact me off the list @mahi.babu@gmail.com for a viewlet

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

4 comments

prady says February 23, 2010

Looks Cool Man…!

» Configuring Lost Password management in Oracle Access Manager Online Apps DBA: One Stop Shop for Apps DBA’s says March 11, 2010

[…] For more information, check this. […]

Shiv says May 12, 2011

Hi,

I have an application, which has been secured by OAM using OID. Now I need to call a WebService (which is protected & belongs to third party), which requires username & password for authentication. Can I retrieve the password, which I used to login into my application (OAM secured app). If yes, please provide the pointers. Thank you.

Regards,
Shiv

Mahendra says May 15, 2011

Hi Shiv,

The challenge here is to retrieve the password used by OAM, which is encrypted. That is not the best option. May be you can authenticate the webservice by giving uid and pwd the same way you login to OAM secured application.

You can explore the way to do it.

Add Your Reply